diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 07cf64fab0..2053789b98 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -17581,6 +17581,244 @@ components:
required:
- data
type: object
+ CycloneDXAdvisory:
+ description: Advisory reference for a vulnerability.
+ properties:
+ url:
+ description: URL to the advisory.
+ example: https://example.com/advisory/CVE-2021-1234
+ type: string
+ type: object
+ CycloneDXAffect:
+ description: Reference to a component affected by a vulnerability.
+ properties:
+ ref:
+ description: Reference to a component's bom-ref.
+ example: a3390fca-c315-41ae-ae05-af5e7859cdee
+ type: string
+ required:
+ - ref
+ type: object
+ CycloneDXAssetComponent:
+ description: The asset component represents the system or host being scanned.
+ properties:
+ bom-ref:
+ description: Optional reference to a component in the components list.
+ example: asset-ref-123
+ type: string
+ name:
+ description: The name of the asset.
+ example: i-12345
+ type: string
+ type:
+ description: The type of the asset component.
+ example: operating-system
+ type: string
+ required:
+ - name
+ type: object
+ CycloneDXBOM:
+ description: CycloneDX 1.5 Bill of Materials (BOM) for importing vulnerabilities.
+ properties:
+ bomFormat:
+ description: The format of the BOM. Must be "CycloneDX".
+ example: CycloneDX
+ type: string
+ components:
+ description: List of components (libraries, applications, or operating systems)
+ that are affected by vulnerabilities.
+ items:
+ $ref: '#/components/schemas/CycloneDXComponent'
+ type: array
+ metadata:
+ $ref: '#/components/schemas/CycloneDXMetadata'
+ specVersion:
+ description: The version of the CycloneDX specification. Must be "1.5".
+ example: '1.5'
+ type: string
+ version:
+ description: The version of the BOM.
+ example: 1
+ format: int64
+ type: integer
+ vulnerabilities:
+ description: List of vulnerabilities to be imported.
+ items:
+ $ref: '#/components/schemas/CycloneDXVulnerability'
+ type: array
+ required:
+ - bomFormat
+ - specVersion
+ - version
+ - metadata
+ - vulnerabilities
+ - components
+ type: object
+ CycloneDXComponent:
+ description: A component (library, application, or operating system) in the
+ BOM.
+ properties:
+ bom-ref:
+ description: Unique reference identifier for this component.
+ example: a3390fca-c315-41ae-ae05-af5e7859cdee
+ type: string
+ name:
+ description: The name of the component.
+ example: lodash
+ type: string
+ purl:
+ description: Package URL for the component. Required for library components.
+ example: pkg:npm/lodash@4.17.21
+ type: string
+ type:
+ $ref: '#/components/schemas/CycloneDXComponentType'
+ version:
+ description: The version of the component.
+ example: 4.17.21
+ type: string
+ required:
+ - bom-ref
+ - type
+ - name
+ - version
+ type: object
+ CycloneDXComponentType:
+ description: The type of the component. Supported types are library, application,
+ and operating-system.
+ enum:
+ - library
+ - application
+ - operating-system
+ example: library
+ type: string
+ x-enum-varnames:
+ - LIBRARY
+ - APPLICATION
+ - OPERATING_SYSTEM
+ CycloneDXMetadata:
+ description: Metadata for the CycloneDX BOM.
+ properties:
+ component:
+ $ref: '#/components/schemas/CycloneDXAssetComponent'
+ tools:
+ $ref: '#/components/schemas/CycloneDXTools'
+ required:
+ - component
+ - tools
+ type: object
+ CycloneDXRating:
+ description: Vulnerability rating information.
+ properties:
+ score:
+ description: The CVSS score.
+ example: 9.0
+ format: double
+ type: number
+ severity:
+ description: The severity level.
+ example: high
+ type: string
+ vector:
+ description: The CVSS vector string.
+ example: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
+ type: string
+ type: object
+ CycloneDXReference:
+ description: External reference for a vulnerability.
+ properties:
+ id:
+ description: Identifier of the reference.
+ example: GHSA-35m5-8cvj-8783
+ type: string
+ source:
+ $ref: '#/components/schemas/CycloneDXReferenceSource'
+ type: object
+ CycloneDXReferenceSource:
+ description: Source information for a reference.
+ properties:
+ url:
+ description: URL to the source.
+ example: https://example.com
+ type: string
+ type: object
+ CycloneDXToolComponent:
+ description: Tool component that detected the vulnerabilities.
+ properties:
+ name:
+ description: The name of the tool.
+ example: my-scanner
+ type: string
+ type:
+ description: The type of the tool.
+ example: application
+ type: string
+ required:
+ - name
+ type: object
+ CycloneDXTools:
+ description: Tools used to generate the BOM.
+ properties:
+ components:
+ description: List of tool components. Only one tool is supported.
+ items:
+ $ref: '#/components/schemas/CycloneDXToolComponent'
+ maxItems: 1
+ minItems: 1
+ type: array
+ required:
+ - components
+ type: object
+ CycloneDXVulnerability:
+ description: A vulnerability in the CycloneDX BOM.
+ properties:
+ advisories:
+ description: List of advisory references.
+ items:
+ $ref: '#/components/schemas/CycloneDXAdvisory'
+ type: array
+ affects:
+ description: List of component references affected by this vulnerability.
+ items:
+ $ref: '#/components/schemas/CycloneDXAffect'
+ minItems: 1
+ type: array
+ cwes:
+ description: List of CWE (Common Weakness Enumeration) identifiers.
+ example:
+ - 123
+ - 345
+ items:
+ type: integer
+ type: array
+ description:
+ description: Description of the vulnerability.
+ example: Sample vulnerability detected in the application.
+ type: string
+ detail:
+ description: Detailed information about the vulnerability.
+ example: Details about the vulnerability
+ type: string
+ id:
+ description: The unique identifier of the vulnerability (e.g., CVE ID).
+ example: CVE-2021-1234
+ type: string
+ ratings:
+ description: List of vulnerability ratings. Must contain exactly one rating.
+ items:
+ $ref: '#/components/schemas/CycloneDXRating'
+ maxItems: 1
+ minItems: 1
+ type: array
+ references:
+ description: List of external references for the vulnerability.
+ items:
+ $ref: '#/components/schemas/CycloneDXReference'
+ type: array
+ required:
+ - id
+ - ratings
+ - affects
+ type: object
DORACustomTags:
description: A list of user-defined tags. The tags must follow the `key:value`
pattern. Up to 100 may be added per event.
@@ -53101,6 +53339,16 @@ components:
meta:
$ref: '#/components/schemas/SecurityFilterMeta'
type: object
+ SecurityFindingType:
+ description: The type of security finding.
+ enum:
+ - vulnerability
+ - configuration_finding
+ example: vulnerability
+ type: string
+ x-enum-varnames:
+ - VULNERABILITY
+ - CONFIGURATION_FINDING
SecurityFindingsAttributes:
description: The JSON object containing all attributes of the security finding.
properties:
@@ -64143,6 +64391,18 @@ components:
type:
$ref: '#/components/schemas/ThreatHuntingJobDataType'
type: object
+ ThreatIntelIndicatorType:
+ description: The type of threat indicator.
+ enum:
+ - ip_address
+ - domain
+ - sha256
+ example: ip_address
+ type: string
+ x-enum-varnames:
+ - IP_ADDRESS
+ - DOMAIN
+ - SHA256
TimeAggregation:
description: 'Time aggregation period (in seconds) is used to aggregate the
results of the notification rule evaluation.
@@ -93298,6 +93558,68 @@ paths:
permissions:
- security_monitoring_findings_read
- appsec_vm_read
+ post:
+ description: 'Allows external integrations to send security findings to Datadog.
+ This endpoint accepts finding data in a custom format and returns an empty
+ response on success.
+
+
+ **Note**: This endpoint is in preview and is subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+ operationId: CreateSecurityFinding
+ parameters:
+ - description: The vendor providing the security finding. Must be lowercase.
+ example: vendor-name
+ in: header
+ name: vendor
+ required: true
+ schema:
+ type: string
+ - description: The type of security finding.
+ in: header
+ name: finding_type
+ required: true
+ schema:
+ $ref: '#/components/schemas/SecurityFindingType'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ additionalProperties: {}
+ description: Security finding data in a custom format.
+ type: object
+ required: true
+ responses:
+ '200':
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Bad Request
+ '403':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Forbidden
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ summary: Create security finding
+ tags:
+ - Security Monitoring
+ x-permission:
+ operator: OR
+ permissions:
+ - security_monitoring_findings_write
+ x-unstable: '**Note**: This endpoint is in preview and is subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
/api/v2/security/findings/cases:
delete:
description: 'Detach security findings from their case.
@@ -94050,6 +94372,92 @@ paths:
operator: OR
permissions:
- security_monitoring_notification_profiles_write
+ /api/v2/security/threat-intel-feed:
+ post:
+ description: 'Import threat intelligence feeds with support for IP addresses,
+ domains, and SHA256 hashes. This endpoint requires specific headers to identify
+ the vendor and indicator type.
+
+
+ **Note**: This endpoint is in preview and is subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+ operationId: ImportThreatIntel
+ parameters:
+ - description: The vendor providing the threat intelligence feed.
+ example: vendor-name
+ in: header
+ name: ti_vendor
+ required: true
+ schema:
+ type: string
+ - description: The type of threat indicator. Valid values are ip_address, domain,
+ or sha256.
+ in: header
+ name: ti_indicator
+ required: true
+ schema:
+ $ref: '#/components/schemas/ThreatIntelIndicatorType'
+ - description: Optional integration account identifier.
+ in: header
+ name: ti_integration_account
+ required: false
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ description: Threat intelligence feed data.
+ type: object
+ application/octet-stream:
+ schema:
+ description: Threat intelligence feed data in binary format.
+ format: binary
+ type: string
+ required: true
+ responses:
+ '200':
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Bad Request
+ '401':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Unauthorized
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ '500':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Internal Server Error
+ '503':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Service Unavailable
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ summary: Import threat intelligence feed
+ tags:
+ - Security Monitoring
+ x-permission:
+ operator: OR
+ permissions:
+ - reference_tables_write
+ x-unstable: '**Note**: This endpoint is in preview and is subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
/api/v2/security/vulnerabilities:
get:
description: "Get a list of vulnerabilities.\n\n### Pagination\n\nPagination
@@ -94463,6 +94871,58 @@ paths:
x-unstable: '**Note**: This endpoint is a private preview.
If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
+ post:
+ description: 'Import vulnerabilities in CycloneDX 1.5 format. This endpoint
+ validates the payload against the CycloneDX 1.5 schema and additional mandatory
+ field requirements.
+
+
+ **Note**: This endpoint is in preview and is subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+ operationId: ImportSecurityVulnerabilities
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CycloneDXBOM'
+ required: true
+ responses:
+ '200':
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Bad Request
+ '403':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Forbidden
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ '500':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/JSONAPIErrorResponse'
+ description: Internal Server Error
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ summary: Import vulnerabilities
+ tags:
+ - Security Monitoring
+ x-permission:
+ operator: OR
+ permissions:
+ - security_monitoring_findings_write
+ x-unstable: '**Note**: This endpoint is in preview and is subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
/api/v2/security/vulnerabilities/notification_rules:
get:
description: Returns the list of notification rules for security vulnerabilities.
diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst
index 6ea9cfc5d1..360fac59e3 100644
--- a/docs/datadog_api_client.v2.model.rst
+++ b/docs/datadog_api_client.v2.model.rst
@@ -7137,6 +7137,97 @@ datadog\_api\_client.v2.model.cvss module
:members:
:show-inheritance:
+datadog\_api\_client.v2.model.cyclone\_dx\_advisory module
+----------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_advisory
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_affect module
+--------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_affect
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_asset\_component module
+------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_asset_component
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_component module
+-----------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_component
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_component\_type module
+-----------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_component_type
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_metadata module
+----------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_metadata
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_rating module
+--------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_rating
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_reference module
+-----------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_reference
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_reference\_source module
+-------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_reference_source
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_tool\_component module
+-----------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_tool_component
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_tools module
+-------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_tools
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dx\_vulnerability module
+---------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dx_vulnerability
+ :members:
+ :show-inheritance:
+
+datadog\_api\_client.v2.model.cyclone\_dxbom module
+---------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.cyclone_dxbom
+ :members:
+ :show-inheritance:
+
datadog\_api\_client.v2.model.dashboard\_list\_add\_items\_request module
-------------------------------------------------------------------------
@@ -23419,6 +23510,13 @@ datadog\_api\_client.v2.model.security\_filters\_response module
:members:
:show-inheritance:
+datadog\_api\_client.v2.model.security\_finding\_type module
+------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_finding_type
+ :members:
+ :show-inheritance:
+
datadog\_api\_client.v2.model.security\_findings\_attributes module
-------------------------------------------------------------------
@@ -28242,6 +28340,13 @@ datadog\_api\_client.v2.model.threat\_hunting\_job\_response\_data module
:members:
:show-inheritance:
+datadog\_api\_client.v2.model.threat\_intel\_indicator\_type module
+-------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.threat_intel_indicator_type
+ :members:
+ :show-inheritance:
+
datadog\_api\_client.v2.model.time\_restriction module
------------------------------------------------------
diff --git a/examples/v2/security-monitoring/CreateSecurityFinding.py b/examples/v2/security-monitoring/CreateSecurityFinding.py
new file mode 100644
index 0000000000..d95fdc8760
--- /dev/null
+++ b/examples/v2/security-monitoring/CreateSecurityFinding.py
@@ -0,0 +1,16 @@
+"""
+Create security finding returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_finding_type import SecurityFindingType
+
+configuration = Configuration()
+configuration.unstable_operations["create_security_finding"] = True
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ api_instance.create_security_finding(
+ vendor="vendor",
+ finding_type=SecurityFindingType.VULNERABILITY,
+ )
diff --git a/examples/v2/security-monitoring/ImportSecurityVulnerabilities.py b/examples/v2/security-monitoring/ImportSecurityVulnerabilities.py
new file mode 100644
index 0000000000..3f5eb7f7db
--- /dev/null
+++ b/examples/v2/security-monitoring/ImportSecurityVulnerabilities.py
@@ -0,0 +1,91 @@
+"""
+Import vulnerabilities returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.cyclone_dx_advisory import CycloneDXAdvisory
+from datadog_api_client.v2.model.cyclone_dx_affect import CycloneDXAffect
+from datadog_api_client.v2.model.cyclone_dx_asset_component import CycloneDXAssetComponent
+from datadog_api_client.v2.model.cyclone_dx_component import CycloneDXComponent
+from datadog_api_client.v2.model.cyclone_dx_component_type import CycloneDXComponentType
+from datadog_api_client.v2.model.cyclone_dx_metadata import CycloneDXMetadata
+from datadog_api_client.v2.model.cyclone_dx_rating import CycloneDXRating
+from datadog_api_client.v2.model.cyclone_dx_reference import CycloneDXReference
+from datadog_api_client.v2.model.cyclone_dx_reference_source import CycloneDXReferenceSource
+from datadog_api_client.v2.model.cyclone_dx_tool_component import CycloneDXToolComponent
+from datadog_api_client.v2.model.cyclone_dx_tools import CycloneDXTools
+from datadog_api_client.v2.model.cyclone_dx_vulnerability import CycloneDXVulnerability
+from datadog_api_client.v2.model.cyclone_dxbom import CycloneDXBOM
+
+body = CycloneDXBOM(
+ bom_format="CycloneDX",
+ components=[
+ CycloneDXComponent(
+ bom_ref="a3390fca-c315-41ae-ae05-af5e7859cdee",
+ name="lodash",
+ purl="pkg:npm/lodash@4.17.21",
+ type=CycloneDXComponentType.LIBRARY,
+ version="4.17.21",
+ ),
+ ],
+ metadata=CycloneDXMetadata(
+ component=CycloneDXAssetComponent(
+ bom_ref="asset-ref-123",
+ name="i-12345",
+ type="operating-system",
+ ),
+ tools=CycloneDXTools(
+ components=[
+ CycloneDXToolComponent(
+ name="my-scanner",
+ type="application",
+ ),
+ ],
+ ),
+ ),
+ spec_version="1.5",
+ version=1,
+ vulnerabilities=[
+ CycloneDXVulnerability(
+ advisories=[
+ CycloneDXAdvisory(
+ url="https://example.com/advisory/CVE-2021-1234",
+ ),
+ ],
+ affects=[
+ CycloneDXAffect(
+ ref="a3390fca-c315-41ae-ae05-af5e7859cdee",
+ ),
+ ],
+ cwes=[
+ 123,
+ 345,
+ ],
+ description="Sample vulnerability detected in the application.",
+ detail="Details about the vulnerability",
+ id="CVE-2021-1234",
+ ratings=[
+ CycloneDXRating(
+ score=9.0,
+ severity="high",
+ vector="CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
+ ),
+ ],
+ references=[
+ CycloneDXReference(
+ id="GHSA-35m5-8cvj-8783",
+ source=CycloneDXReferenceSource(
+ url="https://example.com",
+ ),
+ ),
+ ],
+ ),
+ ],
+)
+
+configuration = Configuration()
+configuration.unstable_operations["import_security_vulnerabilities"] = True
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ api_instance.import_security_vulnerabilities(body=body)
diff --git a/examples/v2/security-monitoring/ImportThreatIntel.py b/examples/v2/security-monitoring/ImportThreatIntel.py
new file mode 100644
index 0000000000..3ef4a7bf69
--- /dev/null
+++ b/examples/v2/security-monitoring/ImportThreatIntel.py
@@ -0,0 +1,16 @@
+"""
+Import threat intelligence feed returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.threat_intel_indicator_type import ThreatIntelIndicatorType
+
+configuration = Configuration()
+configuration.unstable_operations["import_threat_intel"] = True
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ api_instance.import_threat_intel(
+ ti_vendor="ti_vendor",
+ ti_indicator=ThreatIntelIndicatorType.IP_ADDRESS,
+ )
diff --git a/src/datadog_api_client/configuration.py b/src/datadog_api_client/configuration.py
index efa1d3f521..4acc447325 100644
--- a/src/datadog_api_client/configuration.py
+++ b/src/datadog_api_client/configuration.py
@@ -276,6 +276,7 @@ def __init__(
"v2.activate_content_pack": False,
"v2.cancel_threat_hunting_job": False,
"v2.convert_job_result_to_signal": False,
+ "v2.create_security_finding": False,
"v2.deactivate_content_pack": False,
"v2.delete_threat_hunting_job": False,
"v2.get_content_packs_states": False,
@@ -285,6 +286,8 @@ def __init__(
"v2.get_security_monitoring_histsignal": False,
"v2.get_security_monitoring_histsignals_by_job_id": False,
"v2.get_threat_hunting_job": False,
+ "v2.import_security_vulnerabilities": False,
+ "v2.import_threat_intel": False,
"v2.list_findings": False,
"v2.list_multiple_rulesets": False,
"v2.list_scanned_assets_metadata": False,
diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py
index a60c987ce6..7791684fdc 100644
--- a/src/datadog_api_client/v2/api/security_monitoring_api.py
+++ b/src/datadog_api_client/v2/api/security_monitoring_api.py
@@ -9,12 +9,15 @@
from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint
from datadog_api_client.configuration import Configuration
from datadog_api_client.model_utils import (
+ date,
datetime,
set_attribute_from_path,
get_attribute_from_path,
file_type,
+ none_type,
UnsetType,
unset,
+ UUID,
)
from datadog_api_client.v2.model.create_custom_framework_response import CreateCustomFrameworkResponse
from datadog_api_client.v2.model.create_custom_framework_request import CreateCustomFrameworkRequest
@@ -40,6 +43,7 @@
from datadog_api_client.v2.model.list_security_findings_response import ListSecurityFindingsResponse
from datadog_api_client.v2.model.security_findings_sort import SecurityFindingsSort
from datadog_api_client.v2.model.security_findings_data import SecurityFindingsData
+from datadog_api_client.v2.model.security_finding_type import SecurityFindingType
from datadog_api_client.v2.model.detach_case_request import DetachCaseRequest
from datadog_api_client.v2.model.finding_case_response_array import FindingCaseResponseArray
from datadog_api_client.v2.model.create_case_request_array import CreateCaseRequestArray
@@ -58,12 +62,14 @@
from datadog_api_client.v2.model.notification_rule_response import NotificationRuleResponse
from datadog_api_client.v2.model.create_notification_rule_parameters import CreateNotificationRuleParameters
from datadog_api_client.v2.model.patch_notification_rule_parameters import PatchNotificationRuleParameters
+from datadog_api_client.v2.model.threat_intel_indicator_type import ThreatIntelIndicatorType
from datadog_api_client.v2.model.list_vulnerabilities_response import ListVulnerabilitiesResponse
from datadog_api_client.v2.model.vulnerability_type import VulnerabilityType
from datadog_api_client.v2.model.vulnerability_severity import VulnerabilitySeverity
from datadog_api_client.v2.model.vulnerability_status import VulnerabilityStatus
from datadog_api_client.v2.model.vulnerability_tool import VulnerabilityTool
from datadog_api_client.v2.model.vulnerability_ecosystem import VulnerabilityEcosystem
+from datadog_api_client.v2.model.cyclone_dxbom import CycloneDXBOM
from datadog_api_client.v2.model.list_vulnerable_assets_response import ListVulnerableAssetsResponse
from datadog_api_client.v2.model.security_monitoring_critical_assets_response import (
SecurityMonitoringCriticalAssetsResponse,
@@ -412,6 +418,53 @@ def __init__(self, api_client=None):
api_client=api_client,
)
+ self._create_security_finding_endpoint = _Endpoint(
+ settings={
+ "response_type": None,
+ "auth": ["apiKeyAuth", "appKeyAuth"],
+ "endpoint_path": "/api/v2/security/findings",
+ "operation_id": "create_security_finding",
+ "http_method": "POST",
+ "version": "v2",
+ },
+ params_map={
+ "vendor": {
+ "required": True,
+ "openapi_types": (str,),
+ "attribute": "vendor",
+ "location": "header",
+ },
+ "finding_type": {
+ "required": True,
+ "openapi_types": (SecurityFindingType,),
+ "attribute": "finding_type",
+ "location": "header",
+ },
+ "body": {
+ "required": True,
+ "openapi_types": (
+ {
+ str: (
+ bool,
+ date,
+ datetime,
+ dict,
+ float,
+ int,
+ list,
+ str,
+ UUID,
+ none_type,
+ )
+ },
+ ),
+ "location": "body",
+ },
+ },
+ headers_map={"accept": ["*/*"], "content_type": ["application/json"]},
+ api_client=api_client,
+ )
+
self._create_security_monitoring_critical_asset_endpoint = _Endpoint(
settings={
"response_type": (SecurityMonitoringCriticalAssetResponse,),
@@ -1413,6 +1466,63 @@ def __init__(self, api_client=None):
api_client=api_client,
)
+ self._import_security_vulnerabilities_endpoint = _Endpoint(
+ settings={
+ "response_type": None,
+ "auth": ["apiKeyAuth", "appKeyAuth"],
+ "endpoint_path": "/api/v2/security/vulnerabilities",
+ "operation_id": "import_security_vulnerabilities",
+ "http_method": "POST",
+ "version": "v2",
+ },
+ params_map={
+ "body": {
+ "required": True,
+ "openapi_types": (CycloneDXBOM,),
+ "location": "body",
+ },
+ },
+ headers_map={"accept": ["*/*"], "content_type": ["application/json"]},
+ api_client=api_client,
+ )
+
+ self._import_threat_intel_endpoint = _Endpoint(
+ settings={
+ "response_type": None,
+ "auth": ["apiKeyAuth", "appKeyAuth"],
+ "endpoint_path": "/api/v2/security/threat-intel-feed",
+ "operation_id": "import_threat_intel",
+ "http_method": "POST",
+ "version": "v2",
+ },
+ params_map={
+ "ti_vendor": {
+ "required": True,
+ "openapi_types": (str,),
+ "attribute": "ti_vendor",
+ "location": "header",
+ },
+ "ti_indicator": {
+ "required": True,
+ "openapi_types": (ThreatIntelIndicatorType,),
+ "attribute": "ti_indicator",
+ "location": "header",
+ },
+ "ti_integration_account": {
+ "openapi_types": (str,),
+ "attribute": "ti_integration_account",
+ "location": "header",
+ },
+ "body": {
+ "required": True,
+ "openapi_types": (dict,),
+ "location": "body",
+ },
+ },
+ headers_map={"accept": ["*/*"], "content_type": ["application/json", "application/octet-stream"]},
+ api_client=api_client,
+ )
+
self._list_assets_sbo_ms_endpoint = _Endpoint(
settings={
"response_type": (ListAssetsSBOMsResponse,),
@@ -2902,6 +3012,35 @@ def create_security_filter(
return self._create_security_filter_endpoint.call_with_http_info(**kwargs)
+ def create_security_finding(
+ self,
+ vendor: str,
+ finding_type: SecurityFindingType,
+ body: Dict[str, Any],
+ ) -> None:
+ """Create security finding.
+
+ Allows external integrations to send security findings to Datadog. This endpoint accepts finding data in a custom format and returns an empty response on success.
+
+ **Note** : This endpoint is in preview and is subject to change.
+ If you have any feedback, contact `Datadog support `_.
+
+ :param vendor: The vendor providing the security finding. Must be lowercase.
+ :type vendor: str
+ :param finding_type: The type of security finding.
+ :type finding_type: SecurityFindingType
+ :type body: {str: (bool, date, datetime, dict, float, int, list, str, UUID, none_type,)}
+ :rtype: None
+ """
+ kwargs: Dict[str, Any] = {}
+ kwargs["vendor"] = vendor
+
+ kwargs["finding_type"] = finding_type
+
+ kwargs["body"] = body
+
+ return self._create_security_finding_endpoint.call_with_http_info(**kwargs)
+
def create_security_monitoring_critical_asset(
self,
body: SecurityMonitoringCriticalAssetCreateRequest,
@@ -3722,6 +3861,61 @@ def get_vulnerability_notification_rules(
kwargs: Dict[str, Any] = {}
return self._get_vulnerability_notification_rules_endpoint.call_with_http_info(**kwargs)
+ def import_security_vulnerabilities(
+ self,
+ body: CycloneDXBOM,
+ ) -> None:
+ """Import vulnerabilities.
+
+ Import vulnerabilities in CycloneDX 1.5 format. This endpoint validates the payload against the CycloneDX 1.5 schema and additional mandatory field requirements.
+
+ **Note** : This endpoint is in preview and is subject to change.
+ If you have any feedback, contact `Datadog support `_.
+
+ :type body: CycloneDXBOM
+ :rtype: None
+ """
+ kwargs: Dict[str, Any] = {}
+ kwargs["body"] = body
+
+ return self._import_security_vulnerabilities_endpoint.call_with_http_info(**kwargs)
+
+ def import_threat_intel(
+ self,
+ ti_vendor: str,
+ ti_indicator: ThreatIntelIndicatorType,
+ body: dict,
+ *,
+ ti_integration_account: Union[str, UnsetType] = unset,
+ ) -> None:
+ """Import threat intelligence feed.
+
+ Import threat intelligence feeds with support for IP addresses, domains, and SHA256 hashes. This endpoint requires specific headers to identify the vendor and indicator type.
+
+ **Note** : This endpoint is in preview and is subject to change.
+ If you have any feedback, contact `Datadog support `_.
+
+ :param ti_vendor: The vendor providing the threat intelligence feed.
+ :type ti_vendor: str
+ :param ti_indicator: The type of threat indicator. Valid values are ip_address, domain, or sha256.
+ :type ti_indicator: ThreatIntelIndicatorType
+ :type body: dict
+ :param ti_integration_account: Optional integration account identifier.
+ :type ti_integration_account: str, optional
+ :rtype: None
+ """
+ kwargs: Dict[str, Any] = {}
+ kwargs["ti_vendor"] = ti_vendor
+
+ kwargs["ti_indicator"] = ti_indicator
+
+ if ti_integration_account is not unset:
+ kwargs["ti_integration_account"] = ti_integration_account
+
+ kwargs["body"] = body
+
+ return self._import_threat_intel_endpoint.call_with_http_info(**kwargs)
+
def list_assets_sbo_ms(
self,
*,
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_advisory.py b/src/datadog_api_client/v2/model/cyclone_dx_advisory.py
new file mode 100644
index 0000000000..d91ccd773e
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_advisory.py
@@ -0,0 +1,36 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class CycloneDXAdvisory(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "url": (str,),
+ }
+
+ attribute_map = {
+ "url": "url",
+ }
+
+ def __init__(self_, url: Union[str, UnsetType] = unset, **kwargs):
+ """
+ Advisory reference for a vulnerability.
+
+ :param url: URL to the advisory.
+ :type url: str, optional
+ """
+ if url is not unset:
+ kwargs["url"] = url
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_affect.py b/src/datadog_api_client/v2/model/cyclone_dx_affect.py
new file mode 100644
index 0000000000..7b2112b3d5
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_affect.py
@@ -0,0 +1,33 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+class CycloneDXAffect(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "ref": (str,),
+ }
+
+ attribute_map = {
+ "ref": "ref",
+ }
+
+ def __init__(self_, ref: str, **kwargs):
+ """
+ Reference to a component affected by a vulnerability.
+
+ :param ref: Reference to a component's bom-ref.
+ :type ref: str
+ """
+ super().__init__(kwargs)
+
+ self_.ref = ref
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_asset_component.py b/src/datadog_api_client/v2/model/cyclone_dx_asset_component.py
new file mode 100644
index 0000000000..7cda13b691
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_asset_component.py
@@ -0,0 +1,52 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class CycloneDXAssetComponent(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "bom_ref": (str,),
+ "name": (str,),
+ "type": (str,),
+ }
+
+ attribute_map = {
+ "bom_ref": "bom-ref",
+ "name": "name",
+ "type": "type",
+ }
+
+ def __init__(
+ self_, name: str, bom_ref: Union[str, UnsetType] = unset, type: Union[str, UnsetType] = unset, **kwargs
+ ):
+ """
+ The asset component represents the system or host being scanned.
+
+ :param bom_ref: Optional reference to a component in the components list.
+ :type bom_ref: str, optional
+
+ :param name: The name of the asset.
+ :type name: str
+
+ :param type: The type of the asset component.
+ :type type: str, optional
+ """
+ if bom_ref is not unset:
+ kwargs["bom_ref"] = bom_ref
+ if type is not unset:
+ kwargs["type"] = type
+ super().__init__(kwargs)
+
+ self_.name = name
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_component.py b/src/datadog_api_client/v2/model/cyclone_dx_component.py
new file mode 100644
index 0000000000..56abe91e76
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_component.py
@@ -0,0 +1,75 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.cyclone_dx_component_type import CycloneDXComponentType
+
+
+class CycloneDXComponent(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.cyclone_dx_component_type import CycloneDXComponentType
+
+ return {
+ "bom_ref": (str,),
+ "name": (str,),
+ "purl": (str,),
+ "type": (CycloneDXComponentType,),
+ "version": (str,),
+ }
+
+ attribute_map = {
+ "bom_ref": "bom-ref",
+ "name": "name",
+ "purl": "purl",
+ "type": "type",
+ "version": "version",
+ }
+
+ def __init__(
+ self_,
+ bom_ref: str,
+ name: str,
+ type: CycloneDXComponentType,
+ version: str,
+ purl: Union[str, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ A component (library, application, or operating system) in the BOM.
+
+ :param bom_ref: Unique reference identifier for this component.
+ :type bom_ref: str
+
+ :param name: The name of the component.
+ :type name: str
+
+ :param purl: Package URL for the component. Required for library components.
+ :type purl: str, optional
+
+ :param type: The type of the component. Supported types are library, application, and operating-system.
+ :type type: CycloneDXComponentType
+
+ :param version: The version of the component.
+ :type version: str
+ """
+ if purl is not unset:
+ kwargs["purl"] = purl
+ super().__init__(kwargs)
+
+ self_.bom_ref = bom_ref
+ self_.name = name
+ self_.type = type
+ self_.version = version
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_component_type.py b/src/datadog_api_client/v2/model/cyclone_dx_component_type.py
new file mode 100644
index 0000000000..7d83783a12
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_component_type.py
@@ -0,0 +1,41 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class CycloneDXComponentType(ModelSimple):
+ """
+ The type of the component. Supported types are library, application, and operating-system.
+
+ :param value: Must be one of ["library", "application", "operating-system"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "library",
+ "application",
+ "operating-system",
+ }
+ LIBRARY: ClassVar["CycloneDXComponentType"]
+ APPLICATION: ClassVar["CycloneDXComponentType"]
+ OPERATING_SYSTEM: ClassVar["CycloneDXComponentType"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+CycloneDXComponentType.LIBRARY = CycloneDXComponentType("library")
+CycloneDXComponentType.APPLICATION = CycloneDXComponentType("application")
+CycloneDXComponentType.OPERATING_SYSTEM = CycloneDXComponentType("operating-system")
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_metadata.py b/src/datadog_api_client/v2/model/cyclone_dx_metadata.py
new file mode 100644
index 0000000000..a9be35bb2a
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_metadata.py
@@ -0,0 +1,48 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.cyclone_dx_asset_component import CycloneDXAssetComponent
+ from datadog_api_client.v2.model.cyclone_dx_tools import CycloneDXTools
+
+
+class CycloneDXMetadata(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.cyclone_dx_asset_component import CycloneDXAssetComponent
+ from datadog_api_client.v2.model.cyclone_dx_tools import CycloneDXTools
+
+ return {
+ "component": (CycloneDXAssetComponent,),
+ "tools": (CycloneDXTools,),
+ }
+
+ attribute_map = {
+ "component": "component",
+ "tools": "tools",
+ }
+
+ def __init__(self_, component: CycloneDXAssetComponent, tools: CycloneDXTools, **kwargs):
+ """
+ Metadata for the CycloneDX BOM.
+
+ :param component: The asset component represents the system or host being scanned.
+ :type component: CycloneDXAssetComponent
+
+ :param tools: Tools used to generate the BOM.
+ :type tools: CycloneDXTools
+ """
+ super().__init__(kwargs)
+
+ self_.component = component
+ self_.tools = tools
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_rating.py b/src/datadog_api_client/v2/model/cyclone_dx_rating.py
new file mode 100644
index 0000000000..6c9b54273d
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_rating.py
@@ -0,0 +1,56 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class CycloneDXRating(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "score": (float,),
+ "severity": (str,),
+ "vector": (str,),
+ }
+
+ attribute_map = {
+ "score": "score",
+ "severity": "severity",
+ "vector": "vector",
+ }
+
+ def __init__(
+ self_,
+ score: Union[float, UnsetType] = unset,
+ severity: Union[str, UnsetType] = unset,
+ vector: Union[str, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ Vulnerability rating information.
+
+ :param score: The CVSS score.
+ :type score: float, optional
+
+ :param severity: The severity level.
+ :type severity: str, optional
+
+ :param vector: The CVSS vector string.
+ :type vector: str, optional
+ """
+ if score is not unset:
+ kwargs["score"] = score
+ if severity is not unset:
+ kwargs["severity"] = severity
+ if vector is not unset:
+ kwargs["vector"] = vector
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_reference.py b/src/datadog_api_client/v2/model/cyclone_dx_reference.py
new file mode 100644
index 0000000000..935715d18f
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_reference.py
@@ -0,0 +1,51 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.cyclone_dx_reference_source import CycloneDXReferenceSource
+
+
+class CycloneDXReference(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.cyclone_dx_reference_source import CycloneDXReferenceSource
+
+ return {
+ "id": (str,),
+ "source": (CycloneDXReferenceSource,),
+ }
+
+ attribute_map = {
+ "id": "id",
+ "source": "source",
+ }
+
+ def __init__(
+ self_, id: Union[str, UnsetType] = unset, source: Union[CycloneDXReferenceSource, UnsetType] = unset, **kwargs
+ ):
+ """
+ External reference for a vulnerability.
+
+ :param id: Identifier of the reference.
+ :type id: str, optional
+
+ :param source: Source information for a reference.
+ :type source: CycloneDXReferenceSource, optional
+ """
+ if id is not unset:
+ kwargs["id"] = id
+ if source is not unset:
+ kwargs["source"] = source
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_reference_source.py b/src/datadog_api_client/v2/model/cyclone_dx_reference_source.py
new file mode 100644
index 0000000000..97c9a3fc96
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_reference_source.py
@@ -0,0 +1,36 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class CycloneDXReferenceSource(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "url": (str,),
+ }
+
+ attribute_map = {
+ "url": "url",
+ }
+
+ def __init__(self_, url: Union[str, UnsetType] = unset, **kwargs):
+ """
+ Source information for a reference.
+
+ :param url: URL to the source.
+ :type url: str, optional
+ """
+ if url is not unset:
+ kwargs["url"] = url
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_tool_component.py b/src/datadog_api_client/v2/model/cyclone_dx_tool_component.py
new file mode 100644
index 0000000000..eb599581fe
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_tool_component.py
@@ -0,0 +1,43 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class CycloneDXToolComponent(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "name": (str,),
+ "type": (str,),
+ }
+
+ attribute_map = {
+ "name": "name",
+ "type": "type",
+ }
+
+ def __init__(self_, name: str, type: Union[str, UnsetType] = unset, **kwargs):
+ """
+ Tool component that detected the vulnerabilities.
+
+ :param name: The name of the tool.
+ :type name: str
+
+ :param type: The type of the tool.
+ :type type: str, optional
+ """
+ if type is not unset:
+ kwargs["type"] = type
+ super().__init__(kwargs)
+
+ self_.name = name
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_tools.py b/src/datadog_api_client/v2/model/cyclone_dx_tools.py
new file mode 100644
index 0000000000..1c89281d0c
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_tools.py
@@ -0,0 +1,47 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import List, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.cyclone_dx_tool_component import CycloneDXToolComponent
+
+
+class CycloneDXTools(ModelNormal):
+ validations = {
+ "components": {
+ "max_items": 1,
+ "min_items": 1,
+ },
+ }
+
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.cyclone_dx_tool_component import CycloneDXToolComponent
+
+ return {
+ "components": ([CycloneDXToolComponent],),
+ }
+
+ attribute_map = {
+ "components": "components",
+ }
+
+ def __init__(self_, components: List[CycloneDXToolComponent], **kwargs):
+ """
+ Tools used to generate the BOM.
+
+ :param components: List of tool components. Only one tool is supported.
+ :type components: [CycloneDXToolComponent]
+ """
+ super().__init__(kwargs)
+
+ self_.components = components
diff --git a/src/datadog_api_client/v2/model/cyclone_dx_vulnerability.py b/src/datadog_api_client/v2/model/cyclone_dx_vulnerability.py
new file mode 100644
index 0000000000..a053da3cb5
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dx_vulnerability.py
@@ -0,0 +1,116 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import List, Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.cyclone_dx_advisory import CycloneDXAdvisory
+ from datadog_api_client.v2.model.cyclone_dx_affect import CycloneDXAffect
+ from datadog_api_client.v2.model.cyclone_dx_rating import CycloneDXRating
+ from datadog_api_client.v2.model.cyclone_dx_reference import CycloneDXReference
+
+
+class CycloneDXVulnerability(ModelNormal):
+ validations = {
+ "affects": {
+ "min_items": 1,
+ },
+ "ratings": {
+ "max_items": 1,
+ "min_items": 1,
+ },
+ }
+
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.cyclone_dx_advisory import CycloneDXAdvisory
+ from datadog_api_client.v2.model.cyclone_dx_affect import CycloneDXAffect
+ from datadog_api_client.v2.model.cyclone_dx_rating import CycloneDXRating
+ from datadog_api_client.v2.model.cyclone_dx_reference import CycloneDXReference
+
+ return {
+ "advisories": ([CycloneDXAdvisory],),
+ "affects": ([CycloneDXAffect],),
+ "cwes": ([int],),
+ "description": (str,),
+ "detail": (str,),
+ "id": (str,),
+ "ratings": ([CycloneDXRating],),
+ "references": ([CycloneDXReference],),
+ }
+
+ attribute_map = {
+ "advisories": "advisories",
+ "affects": "affects",
+ "cwes": "cwes",
+ "description": "description",
+ "detail": "detail",
+ "id": "id",
+ "ratings": "ratings",
+ "references": "references",
+ }
+
+ def __init__(
+ self_,
+ affects: List[CycloneDXAffect],
+ id: str,
+ ratings: List[CycloneDXRating],
+ advisories: Union[List[CycloneDXAdvisory], UnsetType] = unset,
+ cwes: Union[List[int], UnsetType] = unset,
+ description: Union[str, UnsetType] = unset,
+ detail: Union[str, UnsetType] = unset,
+ references: Union[List[CycloneDXReference], UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ A vulnerability in the CycloneDX BOM.
+
+ :param advisories: List of advisory references.
+ :type advisories: [CycloneDXAdvisory], optional
+
+ :param affects: List of component references affected by this vulnerability.
+ :type affects: [CycloneDXAffect]
+
+ :param cwes: List of CWE (Common Weakness Enumeration) identifiers.
+ :type cwes: [int], optional
+
+ :param description: Description of the vulnerability.
+ :type description: str, optional
+
+ :param detail: Detailed information about the vulnerability.
+ :type detail: str, optional
+
+ :param id: The unique identifier of the vulnerability (e.g., CVE ID).
+ :type id: str
+
+ :param ratings: List of vulnerability ratings. Must contain exactly one rating.
+ :type ratings: [CycloneDXRating]
+
+ :param references: List of external references for the vulnerability.
+ :type references: [CycloneDXReference], optional
+ """
+ if advisories is not unset:
+ kwargs["advisories"] = advisories
+ if cwes is not unset:
+ kwargs["cwes"] = cwes
+ if description is not unset:
+ kwargs["description"] = description
+ if detail is not unset:
+ kwargs["detail"] = detail
+ if references is not unset:
+ kwargs["references"] = references
+ super().__init__(kwargs)
+
+ self_.affects = affects
+ self_.id = id
+ self_.ratings = ratings
diff --git a/src/datadog_api_client/v2/model/cyclone_dxbom.py b/src/datadog_api_client/v2/model/cyclone_dxbom.py
new file mode 100644
index 0000000000..a43045c350
--- /dev/null
+++ b/src/datadog_api_client/v2/model/cyclone_dxbom.py
@@ -0,0 +1,83 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import List, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.cyclone_dx_component import CycloneDXComponent
+ from datadog_api_client.v2.model.cyclone_dx_metadata import CycloneDXMetadata
+ from datadog_api_client.v2.model.cyclone_dx_vulnerability import CycloneDXVulnerability
+
+
+class CycloneDXBOM(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.cyclone_dx_component import CycloneDXComponent
+ from datadog_api_client.v2.model.cyclone_dx_metadata import CycloneDXMetadata
+ from datadog_api_client.v2.model.cyclone_dx_vulnerability import CycloneDXVulnerability
+
+ return {
+ "bom_format": (str,),
+ "components": ([CycloneDXComponent],),
+ "metadata": (CycloneDXMetadata,),
+ "spec_version": (str,),
+ "version": (int,),
+ "vulnerabilities": ([CycloneDXVulnerability],),
+ }
+
+ attribute_map = {
+ "bom_format": "bomFormat",
+ "components": "components",
+ "metadata": "metadata",
+ "spec_version": "specVersion",
+ "version": "version",
+ "vulnerabilities": "vulnerabilities",
+ }
+
+ def __init__(
+ self_,
+ bom_format: str,
+ components: List[CycloneDXComponent],
+ metadata: CycloneDXMetadata,
+ spec_version: str,
+ version: int,
+ vulnerabilities: List[CycloneDXVulnerability],
+ **kwargs,
+ ):
+ """
+ CycloneDX 1.5 Bill of Materials (BOM) for importing vulnerabilities.
+
+ :param bom_format: The format of the BOM. Must be "CycloneDX".
+ :type bom_format: str
+
+ :param components: List of components (libraries, applications, or operating systems) that are affected by vulnerabilities.
+ :type components: [CycloneDXComponent]
+
+ :param metadata: Metadata for the CycloneDX BOM.
+ :type metadata: CycloneDXMetadata
+
+ :param spec_version: The version of the CycloneDX specification. Must be "1.5".
+ :type spec_version: str
+
+ :param version: The version of the BOM.
+ :type version: int
+
+ :param vulnerabilities: List of vulnerabilities to be imported.
+ :type vulnerabilities: [CycloneDXVulnerability]
+ """
+ super().__init__(kwargs)
+
+ self_.bom_format = bom_format
+ self_.components = components
+ self_.metadata = metadata
+ self_.spec_version = spec_version
+ self_.version = version
+ self_.vulnerabilities = vulnerabilities
diff --git a/src/datadog_api_client/v2/model/security_finding_type.py b/src/datadog_api_client/v2/model/security_finding_type.py
new file mode 100644
index 0000000000..2ff374bce4
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_finding_type.py
@@ -0,0 +1,38 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityFindingType(ModelSimple):
+ """
+ The type of security finding.
+
+ :param value: Must be one of ["vulnerability", "configuration_finding"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "vulnerability",
+ "configuration_finding",
+ }
+ VULNERABILITY: ClassVar["SecurityFindingType"]
+ CONFIGURATION_FINDING: ClassVar["SecurityFindingType"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+SecurityFindingType.VULNERABILITY = SecurityFindingType("vulnerability")
+SecurityFindingType.CONFIGURATION_FINDING = SecurityFindingType("configuration_finding")
diff --git a/src/datadog_api_client/v2/model/threat_intel_indicator_type.py b/src/datadog_api_client/v2/model/threat_intel_indicator_type.py
new file mode 100644
index 0000000000..b4c8ad08df
--- /dev/null
+++ b/src/datadog_api_client/v2/model/threat_intel_indicator_type.py
@@ -0,0 +1,41 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class ThreatIntelIndicatorType(ModelSimple):
+ """
+ The type of threat indicator.
+
+ :param value: Must be one of ["ip_address", "domain", "sha256"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "ip_address",
+ "domain",
+ "sha256",
+ }
+ IP_ADDRESS: ClassVar["ThreatIntelIndicatorType"]
+ DOMAIN: ClassVar["ThreatIntelIndicatorType"]
+ SHA256: ClassVar["ThreatIntelIndicatorType"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+ThreatIntelIndicatorType.IP_ADDRESS = ThreatIntelIndicatorType("ip_address")
+ThreatIntelIndicatorType.DOMAIN = ThreatIntelIndicatorType("domain")
+ThreatIntelIndicatorType.SHA256 = ThreatIntelIndicatorType("sha256")
diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py
index 2eece21eff..129f08c9ee 100644
--- a/src/datadog_api_client/v2/models/__init__.py
+++ b/src/datadog_api_client/v2/models/__init__.py
@@ -1436,6 +1436,19 @@
from datadog_api_client.v2.model.custom_ruleset_request_data import CustomRulesetRequestData
from datadog_api_client.v2.model.custom_ruleset_request_data_attributes import CustomRulesetRequestDataAttributes
from datadog_api_client.v2.model.custom_ruleset_response import CustomRulesetResponse
+from datadog_api_client.v2.model.cyclone_dx_advisory import CycloneDXAdvisory
+from datadog_api_client.v2.model.cyclone_dx_affect import CycloneDXAffect
+from datadog_api_client.v2.model.cyclone_dx_asset_component import CycloneDXAssetComponent
+from datadog_api_client.v2.model.cyclone_dxbom import CycloneDXBOM
+from datadog_api_client.v2.model.cyclone_dx_component import CycloneDXComponent
+from datadog_api_client.v2.model.cyclone_dx_component_type import CycloneDXComponentType
+from datadog_api_client.v2.model.cyclone_dx_metadata import CycloneDXMetadata
+from datadog_api_client.v2.model.cyclone_dx_rating import CycloneDXRating
+from datadog_api_client.v2.model.cyclone_dx_reference import CycloneDXReference
+from datadog_api_client.v2.model.cyclone_dx_reference_source import CycloneDXReferenceSource
+from datadog_api_client.v2.model.cyclone_dx_tool_component import CycloneDXToolComponent
+from datadog_api_client.v2.model.cyclone_dx_tools import CycloneDXTools
+from datadog_api_client.v2.model.cyclone_dx_vulnerability import CycloneDXVulnerability
from datadog_api_client.v2.model.dora_deployment_fetch_response import DORADeploymentFetchResponse
from datadog_api_client.v2.model.dora_deployment_object import DORADeploymentObject
from datadog_api_client.v2.model.dora_deployment_object_attributes import DORADeploymentObjectAttributes
@@ -4694,6 +4707,7 @@
from datadog_api_client.v2.model.security_filter_update_data import SecurityFilterUpdateData
from datadog_api_client.v2.model.security_filter_update_request import SecurityFilterUpdateRequest
from datadog_api_client.v2.model.security_filters_response import SecurityFiltersResponse
+from datadog_api_client.v2.model.security_finding_type import SecurityFindingType
from datadog_api_client.v2.model.security_findings_attributes import SecurityFindingsAttributes
from datadog_api_client.v2.model.security_findings_data import SecurityFindingsData
from datadog_api_client.v2.model.security_findings_data_type import SecurityFindingsDataType
@@ -5717,6 +5731,7 @@
from datadog_api_client.v2.model.threat_hunting_job_response import ThreatHuntingJobResponse
from datadog_api_client.v2.model.threat_hunting_job_response_attributes import ThreatHuntingJobResponseAttributes
from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData
+from datadog_api_client.v2.model.threat_intel_indicator_type import ThreatIntelIndicatorType
from datadog_api_client.v2.model.time_restriction import TimeRestriction
from datadog_api_client.v2.model.time_restrictions import TimeRestrictions
from datadog_api_client.v2.model.timeline_cell import TimelineCell
@@ -7046,6 +7061,19 @@
"CustomRulesetRequestData",
"CustomRulesetRequestDataAttributes",
"CustomRulesetResponse",
+ "CycloneDXAdvisory",
+ "CycloneDXAffect",
+ "CycloneDXAssetComponent",
+ "CycloneDXBOM",
+ "CycloneDXComponent",
+ "CycloneDXComponentType",
+ "CycloneDXMetadata",
+ "CycloneDXRating",
+ "CycloneDXReference",
+ "CycloneDXReferenceSource",
+ "CycloneDXToolComponent",
+ "CycloneDXTools",
+ "CycloneDXVulnerability",
"DORADeploymentFetchResponse",
"DORADeploymentObject",
"DORADeploymentObjectAttributes",
@@ -9382,6 +9410,7 @@
"SecurityFilterUpdateData",
"SecurityFilterUpdateRequest",
"SecurityFiltersResponse",
+ "SecurityFindingType",
"SecurityFindingsAttributes",
"SecurityFindingsData",
"SecurityFindingsDataType",
@@ -10069,6 +10098,7 @@
"ThreatHuntingJobResponse",
"ThreatHuntingJobResponseAttributes",
"ThreatHuntingJobResponseData",
+ "ThreatIntelIndicatorType",
"TimeRestriction",
"TimeRestrictions",
"TimelineCell",
diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature
index 5695a7ea4a..3ad8d5c963 100644
--- a/tests/v2/features/security_monitoring.feature
+++ b/tests/v2/features/security_monitoring.feature
@@ -708,6 +708,24 @@ Feature: Security Monitoring
When the request is sent
Then the response status is 404 Not Found
+ @generated @skip @team:DataDog/asm-vm
+ Scenario: Create security finding returns "Bad Request" response
+ Given operation "CreateSecurityFinding" enabled
+ And new "CreateSecurityFinding" request
+ And request contains "vendor" parameter from "REPLACE.ME"
+ And request contains "finding_type" parameter from "REPLACE.ME"
+ When the request is sent
+ Then the response status is 400 Bad Request
+
+ @generated @skip @team:DataDog/asm-vm
+ Scenario: Create security finding returns "OK" response
+ Given operation "CreateSecurityFinding" enabled
+ And new "CreateSecurityFinding" request
+ And request contains "vendor" parameter from "REPLACE.ME"
+ And request contains "finding_type" parameter from "REPLACE.ME"
+ When the request is sent
+ Then the response status is 200 OK
+
@generated @skip @team:DataDog/k9-cloud-security-platform
Scenario: Deactivate content pack returns "Accepted" response
Given operation "DeactivateContentPack" enabled
@@ -1397,6 +1415,40 @@ Feature: Security Monitoring
When the request is sent
Then the response status is 200 The list of notification rules.
+ @generated @skip @team:DataDog/asm-vm
+ Scenario: Import threat intelligence feed returns "Bad Request" response
+ Given operation "ImportThreatIntel" enabled
+ And new "ImportThreatIntel" request
+ And request contains "ti_vendor" parameter from "REPLACE.ME"
+ And request contains "ti_indicator" parameter from "REPLACE.ME"
+ When the request is sent
+ Then the response status is 400 Bad Request
+
+ @generated @skip @team:DataDog/asm-vm
+ Scenario: Import threat intelligence feed returns "OK" response
+ Given operation "ImportThreatIntel" enabled
+ And new "ImportThreatIntel" request
+ And request contains "ti_vendor" parameter from "REPLACE.ME"
+ And request contains "ti_indicator" parameter from "REPLACE.ME"
+ When the request is sent
+ Then the response status is 200 OK
+
+ @generated @skip @team:DataDog/asm-vm
+ Scenario: Import vulnerabilities returns "Bad Request" response
+ Given operation "ImportSecurityVulnerabilities" enabled
+ And new "ImportSecurityVulnerabilities" request
+ And body with value {"bomFormat": "CycloneDX", "components": [{"bom-ref": "a3390fca-c315-41ae-ae05-af5e7859cdee", "name": "lodash", "purl": "pkg:npm/lodash@4.17.21", "type": "library", "version": "4.17.21"}], "metadata": {"component": {"bom-ref": "asset-ref-123", "name": "i-12345", "type": "operating-system"}, "tools": {"components": [{"name": "my-scanner", "type": "application"}]}}, "specVersion": "1.5", "version": 1, "vulnerabilities": [{"advisories": [{"url": "https://example.com/advisory/CVE-2021-1234"}], "affects": [{"ref": "a3390fca-c315-41ae-ae05-af5e7859cdee"}], "cwes": [123, 345], "description": "Sample vulnerability detected in the application.", "detail": "Details about the vulnerability", "id": "CVE-2021-1234", "ratings": [{"score": 9.0, "severity": "high", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}], "references": [{"id": "GHSA-35m5-8cvj-8783", "source": {"url": "https://example.com"}}]}]}
+ When the request is sent
+ Then the response status is 400 Bad Request
+
+ @generated @skip @team:DataDog/asm-vm
+ Scenario: Import vulnerabilities returns "OK" response
+ Given operation "ImportSecurityVulnerabilities" enabled
+ And new "ImportSecurityVulnerabilities" request
+ And body with value {"bomFormat": "CycloneDX", "components": [{"bom-ref": "a3390fca-c315-41ae-ae05-af5e7859cdee", "name": "lodash", "purl": "pkg:npm/lodash@4.17.21", "type": "library", "version": "4.17.21"}], "metadata": {"component": {"bom-ref": "asset-ref-123", "name": "i-12345", "type": "operating-system"}, "tools": {"components": [{"name": "my-scanner", "type": "application"}]}}, "specVersion": "1.5", "version": 1, "vulnerabilities": [{"advisories": [{"url": "https://example.com/advisory/CVE-2021-1234"}], "affects": [{"ref": "a3390fca-c315-41ae-ae05-af5e7859cdee"}], "cwes": [123, 345], "description": "Sample vulnerability detected in the application.", "detail": "Details about the vulnerability", "id": "CVE-2021-1234", "ratings": [{"score": 9.0, "severity": "high", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}], "references": [{"id": "GHSA-35m5-8cvj-8783", "source": {"url": "https://example.com"}}]}]}
+ When the request is sent
+ Then the response status is 200 OK
+
@generated @skip @team:DataDog/k9-cloud-vm
Scenario: List assets SBOMs returns "Bad request: The server cannot process the request due to invalid syntax in the request." response
Given new "ListAssetsSBOMs" request
diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json
index 75d0d7f71e..110c6b94f8 100644
--- a/tests/v2/features/undo.json
+++ b/tests/v2/features/undo.json
@@ -4304,6 +4304,12 @@
"type": "safe"
}
},
+ "CreateSecurityFinding": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "unsafe"
+ }
+ },
"DetachCase": {
"tag": "Security Monitoring",
"undo": {
@@ -4409,12 +4415,24 @@
"type": "idempotent"
}
},
+ "ImportThreatIntel": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "unsafe"
+ }
+ },
"ListVulnerabilities": {
"tag": "Security Monitoring",
"undo": {
"type": "safe"
}
},
+ "ImportSecurityVulnerabilities": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "unsafe"
+ }
+ },
"GetVulnerabilityNotificationRules": {
"tag": "Security Monitoring",
"undo": {